Book Review: Introducing Windows Azure For IT Professionals

The chapter(s) that I found most helpful were basically all of them! Hence, the majority of my highlights are from basically the entire book.

I’ve decided to share my highlights from reading this specific publication, in case the points that I found of note/interest will be of some benefit to someone else. So, here are my highlights (by chapter). Note that not every chapter will have highlights (depending on the content and the main focus of my work).

Chapter 01: Understanding Windows Azure

Not every business is ready to take advantage of the different types of cloud computing services available. To help you learn whether your business is ready for the cloud, Microsoft has a web-based Cloud Security Readiness tool that assesses the systems, processes, and productivity of your current IT environment and generates a custom noncommercial report that provides recommendations to help you evaluate the benefits of cloud computing. To use this free tool, go to http://technet.microsoft.com/en-us/security/jj554736.aspx.

Software as a Service (SaaS): In this approach, the customer utilizes standardized cloud-based services such as document management or email that are provided by the hoster. This model views the customer as the user who consumes cloud applications, typically as a pay-as-you-go service.

Infrastructure as a Service (IaaS): In this approach, the customer pays the hoster to run a virtual machine in the hoster’s cloud. The customer is responsible for configuring and managing the virtual machine’s guest operating system and applications. This model views the customer as the IT owner since the customer has complete control over what they can do with their virtual machine.

Platform as a Service (PaaS): In this approach, the customer develops and deploys applications for a specific application architecture. The hoster provides the application runtime, storage, and integration needed to run the customer’s application and is responsible for keeping the environment up and running, operating systems updated, and customer data safe. This model views the customer as the application owner since the customer is responsible for developing and maintaining the application. The customer is also responsible for data integrity and business logic.

Chapter 02: Windows Azure Compute Services

You can copy virtual hard disks (VHDs) from your on-premises environment into Windows Azure to use as templates for creating new virtual machines. And you can copy VHDs out of Windows Azure and run them locally in your datacenter.

In Windows Server 2012 every aspect of the operating system can be configured and managed using Windows PowerShell.

The Windows Azure PowerShell module is not provided as part of Windows; however, it can be added easily.

All the available cmdlets in the Windows Azure module can be viewed using the command: Get-Command -Module Azure

If the Windows PowerShell environment was not launched via the Windows Azure PowerShell program, then the first step is to import the Windows Azure PowerShell module, which is accomplished using the following command:
Import-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"

Run the command below to see every template that is actually available:
Get-AzureVMImage | ft Label,ImageName,LogicalSizeInGB

Windows Azure provides two deployment environments for cloud services: staging and production. The staging environment is where you can test your deployment before you “swap” it into your production environment by switching the virtual IP addresses (VIPs) by which your cloud service is accessed.

If you are using web.config or app.config files, you should instead consider using a service configuration (.cscfg) file.

You can enable Windows Azure Diagnostics (WAD) within your application or after it has been deployed into Windows Azure.
WAD can be configured to collect the following data from a Windows Azure role instance:

Windows Azure logs

IIS logs (web role)

WAD infrastructure logs

IIS failed request logs

Windows event logs

Performance counters

Crash dumps

Custom error logs

WAD will store the data in a specific Windows Azure storage account. I recommend using a dedicated account so access can be segregated from any application data.
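The segregation described above can be checked mechanically in a cloud service's .cscfg file, where the diagnostics plugin reads its storage connection string. The Python check below is an added example, not code from the book or from this review; the sample file, its role names, the DataConnectionString setting, the account names and the keys are all constructed.

```python
import xml.etree.ElementTree as ET

NS = {"sc": "http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration"}
DIAG = "Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString"

# Constructed sample: role names, account names and keys are placeholders.
SAMPLE = """<ServiceConfiguration serviceName="Shop"
 xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration">
 <Role name="WebRole1"><ConfigurationSettings>
  <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString"
   value="DefaultEndpointsProtocol=http;AccountName=shopdata;AccountKey=PLACEHOLDER==" />
  <Setting name="DataConnectionString"
   value="DefaultEndpointsProtocol=https;AccountName=shopdata;AccountKey=PLACEHOLDER==" />
 </ConfigurationSettings></Role>
 <Role name="WorkerRole1"><ConfigurationSettings>
  <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString"
   value="DefaultEndpointsProtocol=https;AccountName=shopdiag;AccountKey=PLACEHOLDER==" />
  <Setting name="DataConnectionString"
   value="DefaultEndpointsProtocol=https;AccountName=shopdata;AccountKey=PLACEHOLDER==" />
 </ConfigurationSettings></Role>
</ServiceConfiguration>"""

def parse_conn(value):
    """Split 'Key=Value;Key=Value' into a dict with lower-cased keys."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_cscfg(xml_text):
    """Return (role, finding) pairs about each role's WAD storage setting."""
    findings = []
    for role in ET.fromstring(xml_text).findall("sc:Role", NS):
        name = role.get("name")
        settings = {s.get("name"): parse_conn(s.get("value", ""))
                    for s in role.findall("sc:ConfigurationSettings/sc:Setting", NS)}
        diag = settings.pop(DIAG, None)
        if diag is None:
            findings.append((name, "no diagnostics storage setting"))
            continue
        if diag.get("defaultendpointsprotocol", "").lower() != "https":
            findings.append((name, "diagnostics endpoint is not https"))
        account = diag.get("accountname", "").lower()
        shared = sorted(n for n, c in settings.items()
                        if account and c.get("accountname", "").lower() == account)
        if shared:
            findings.append((name, "diagnostics account shared with " + ", ".join(shared)))
    return findings

if __name__ == "__main__":
    print(*audit_cscfg(SAMPLE), sep="\n")
```

In the sample, WebRole1 is flagged twice (plain http, and the same account as its application data), while WorkerRole1, which logs to its own shopdiag account, passes.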

For Operations, we recommend the Cerebrata Azure Management Studio. If you are already using System Center Operations Manager (SCOM) to monitor your service, you will be happy to know that WAD is fully compatible and you can alert and report on data just as if your Windows Azure role instance were an on-premises server.

We might decide at some point to store more properties, and as long as dynamic schema is on, it modifies the table on the fly. It’s recommended that you turn that off (via the Configuration page) before going live.

Chapter 03: Windows Azure Network Services

By default, all virtual machines running in the same cloud service can already communicate with each other without the need for you to create a virtual network for this purpose. By creating additional virtual networks, however, you can also enable virtual machines running in different cloud services to talk to each other.

An affinity group is a logical grouping of Azure services that tells Windows Azure where to locate the services in order to optimize the performance of cloud applications.

Traffic Manager lets you load balance incoming traffic across multiple hosted Windows Azure services regardless of whether they’re running in the same datacenter or in different ones at different geographical locations around the world.

Traffic Manager works by applying an intelligent policy engine to DNS queries for your domain names.

Windows Azure Backup uses certificates to create a secure connection between the server and the Windows Azure backup vault. In addition, all the data is encrypted before it is sent to Windows Azure. In order to do this, Microsoft uses a passphrase that you enter (or have generated) during the server registration process. The data is stored in Windows Azure Backup in an encrypted state.

When you are not expecting a very high load, you can scale in the cache roles and decrease the number of instances. Please note that scaling operations may incur data loss.

Also, the Cache service is designed to occupy the specified memory as soon as possible. It doesn’t wait for the memory to be allocated when the need arises. As a result, you may see that even if you have not put a lot of data in the cache, the memory consumption by the Cache service appears to increase as soon as the service starts. As long as the memory usage eventually stabilizes, this should be okay.

In a case where high availability is turned on, the cache cluster will perform data replication for you.

The percent memory specified is applicable only in the Windows Azure environment and not in a development environment. Cache Emulator is designed to consume 16 percent of available memory (and some overhead). You cannot override this behavior.

While you are decreasing the number of instances, it is recommended that you reduce by not more than three instances at a time. Otherwise, your cache cluster can become unstable.

Chapter 05: Windows Azure App Services

The DirSync server polls for object changes and uploads them to the cloud every three hours.

The latest release of DirSync supports synchronization of hashes computed from password hashes; given the sensitivity of the password changes, the password synchronization happens in near real-time.

The difference between Federated Authentication and Managed Authentication is that in the federated setting, user authentication for all users happens through ADFS attached to the on-premises AD DS, while user validation for non-federated users happens at Windows Azure AD with no ADFS traversal.